At a Glance
- Tasks: Lead security initiatives and guide teams on secure product development.
- Company: Dynamic retail tech company with a focus on security innovation.
- Benefits: Competitive daily rate, hybrid work model, and opportunities for professional growth.
- Other info: Join a supportive team with excellent career advancement potential.
- Why this job: Make a real impact in security while collaborating with talented engineers.
- Qualifications: Strong security background and understanding of modern application development.
Below, you will find a complete breakdown of everything required of potential candidates, as well as how to apply. Good luck.
Retail Hybrid: 3 days onsite per week in London
6 months+ £750 - £800 per day
In short: We require a strong, application-focused Security Architect with a keen background in development or at least the ability to assure a product's architecture and have low-level, detailed conversations with engineers on the product whilst also facing off to more senior stakeholders in the business.
In full: You will be responsible for augmenting the Security Architecture team with speciality skills and help scale our security presence across the wider technology and infrastructure teams. Provide engineering and product teams with direction and guidance for all security matters. Help product teams deliver new business features securely while balancing and clearly articulating technical and business risk. You will be expected to drive the deployment/integration of security capabilities into engineering teams within the product domain. You will drive security initiatives such as developing security requirements, threat modelling, strengthening application security, vulnerability reduction, etc., with the engineering teams. Reducing friction is paramount and we are all about fast feedback within existing workflows, not adding another console for a developer to check. Support teams in a collaborative manner in matters of mobile application, web application, cloud and data security, with threat modelling, risk treatment and security advice across all security domains. If you can raise a PR to fix a security issue, do so. Facilitate risk remediation but also challenge decisions and status-quo. Facilitate in assurance activities like penetration testing, purple testing, app assurance. Build quarterly/monthly roadmaps for security activities and plan them.
You will need:
- Solid security experience across common security domains - the technology might have changed but most of the security challenges have not.
- A thorough understanding of modern application development practices so that security capabilities can be introduced and embedded while minimising developer friction.
- Excellent interpersonal, facilitation, and leadership skills along with effective communication (both written and verbal) skills.
- Be able to provide security guidance to engineering teams throughout the product development lifecycle.
- Be able to develop threat models, attack trees, and embed security by design in product engineering effort.
- Good understanding of web technologies, REST APIs, micro services, modern application development, and mobile apps.
- Good understanding of software architecture, dev-sec-ops, and network security.
- Experience in browser security or mobile app security is desirable.
- Good understanding of industry standards such as OWASP ASVS, OWASP Top-10, CIS benchmarks.
- Hands-on experience with complex Azure and AWS architectures with an emphasis on containerised workloads.
- Command-line/API experience is highly desirable as security automation is a strategic priority.
- Some coding experience in something is always a plus - Java, HTML, JavaScript. You do not need to 'be a developer' but you do need to understand the implications of security on engineering velocity.
- Knowledge of and experience with PCI-DSS will be desirable.
- Multiple examples of completed projects in security engineering or closely related areas.
- Azure or AWS cloud security certifications (preferred).
Candidates will ideally show evidence of the above in their CV in order to be considered. Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly.
Pontoon is an employment consultancy and operates as an equal opportunities employer. We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.
Security Architect (DevSecOps) employer: Pontoon
As a leading employer in the retail sector, we offer a dynamic work environment that fosters innovation and collaboration. Our London-based team enjoys a hybrid work model, allowing for flexibility while engaging in meaningful projects that enhance security across our technology landscape. We prioritise employee growth through continuous learning opportunities and a culture that values diverse perspectives, making us an excellent choice for professionals seeking to make a significant impact in their field.
StudySmarter Expert Advice🤫
We think this is how you could land Security Architect (DevSecOps)
✨Tip Number 1
Network like a pro! Reach out to folks in your industry on LinkedIn or at meetups. A friendly chat can lead to opportunities that aren’t even advertised yet.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repo showcasing your security projects. This gives potential employers a taste of what you can do and sets you apart from the crowd.
✨Tip Number 3
Prepare for interviews by brushing up on common security scenarios and challenges. Be ready to discuss how you’d tackle real-world problems, especially those related to DevSecOps.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love hearing from passionate candidates like you!
We think you need these skills to ace Security Architect (DevSecOps)
Some tips for your application 🫡
Tailor Your CV:Make sure your CV highlights your security experience and relevant skills. We want to see how your background aligns with the role of a Security Architect, so don’t hold back on showcasing your achievements!
Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to explain why you’re the perfect fit for this role. Share specific examples of how you've tackled security challenges in the past and how you can bring that expertise to our team.
Showcase Your Technical Skills:We’re looking for someone who understands modern application development and security practices. Be sure to mention any hands-on experience you have with Azure, AWS, or coding languages like Java or JavaScript. This will help us see your technical prowess!
Apply Through Our Website:To make sure your application gets the attention it deserves, apply directly through our website. It’s the best way for us to keep track of your application and ensure it reaches the right people!
How to prepare for a job interview at Pontoon
✨Know Your Security Fundamentals
Brush up on your knowledge of common security domains and industry standards like OWASP ASVS and PCI-DSS. Be ready to discuss how these apply to modern application development and how you can integrate security seamlessly into engineering processes.
✨Showcase Your Technical Skills
Prepare to talk about your hands-on experience with Azure or AWS, especially in relation to containerised workloads. If you've worked on projects involving threat modelling or vulnerability reduction, have specific examples ready to share that demonstrate your impact.
✨Communicate Effectively
Since this role requires excellent interpersonal skills, practice articulating complex security concepts in a way that's easy for non-technical stakeholders to understand. Think about how you can balance technical details with business risks during your discussions.
✨Demonstrate Collaborative Spirit
Be prepared to discuss how you've worked with engineering teams in the past to embed security practices without adding friction. Highlight any experiences where you facilitated risk remediation or contributed to assurance activities like penetration testing.
